Randomizes ip id numbers to disallow ip id portscan. It's not fool-proof, it only randomizes 8 bits out of a total of 16 bits to avoid reusing ip ids to soon. What this means is that it takes 256 (or 255 if port was open) packets per port to a host with this patch rather than 1 packet. Given that packets can (and are) lost now and then on that horrible Internet it's even safer than it sounds.

Can be turned off at compile and runtime (/proc/sys/net/ipv4/ip_random_id)

Should work on all architectures.

Not needed for 2.4.x since it has a better system for ip id randomness.

I ran this on ftp.habets.pp.se for 180 days straight, after which the UPS failed which caused downtime. So it's stable.